private void button1_Click_1(object sender, EventArgs e) { //NOTE: OUTDATED Project. See Import_all string filename; //http://www.saintcorporation.com/xml/exploits.xml try { WebClient wc = new WebClient(); wc.DownloadFile("http://www.saintcorporation.com/xml/exploits.xml", "C:/nvdcve/exploits.xml"); //HARDCODED // wc.Dispose(); //MessageBox.Show("Download is completed", "info", MessageBoxButtons.OK, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1); } catch (Exception ex) { MessageBox.Show("Error while downloading exploits.xml\n" + ex.Message, "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1); } filename = @"C:\nvdcve\exploits.xml"; //HARDCODED XmlDocument doc = new XmlDocument(); doc.Load(filename); string query = "/xml/body/exploits"; XmlNode report; report = doc.SelectSingleNode(query); XORCISMEntities model = new XORCISMEntities(); XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities(); foreach (XmlNode n in report.ChildNodes) { //if (n.Name.ToUpper() == "exploit".ToUpper() && n.ChildNodes != null && n.ChildNodes.Count > 0) //{ EXPLOIT sploit = new EXPLOIT(); string myRefID = n.Attributes["id"].InnerText; sploit.ExploitRefID = myRefID; sploit.ExploitName = n.Attributes["id"].InnerText; sploit.ExploitReferential = "saint"; sploit.ExploitDescription = HelperGetChildInnerText(n, "description"); //TODO //sploit.saint_id = HelperGetChildInnerText(n, "saint_id"); sploit.ExploitType = HelperGetChildInnerText(n, "type"); //Search the VulnerabilityID string myCVE = HelperGetChildInnerText(n, "cve"); int vulnID = 0; if (myCVE != "") { var syn = from S in vuln_model.VULNERABILITY where S.VULReferential.Equals("cve") && S.VULReferentialID.Equals(myCVE) select S; if (syn.Count() != 0) { vulnID = syn.ToList().First().VulnerabilityID; // MessageBox.Show("VulnerabilityID of " + myCVE + " is:" + vulnID); } else { //MessageBox.Show("Import_saint_exploits CVE not found! " + myCVE); //CANDIDATE VULNERABILITY canCVE = new VULNERABILITY(); canCVE.VULReferential = "cve"; canCVE.VULReferentialID = myCVE; canCVE.VULDescription = "CANDIDATE"; vuln_model.VULNERABILITY.Add(canCVE); vuln_model.SaveChanges(); vulnID = canCVE.VulnerabilityID; // return; } } //Check if the exploit already exists in the database var syna = from S in model.EXPLOIT where S.ExploitReferential.Equals("saint") && S.ExploitRefID.Equals(myRefID) select S; if (syna.Count() == 0) { model.EXPLOIT.Add(sploit); } else { sploit.ExploitID = syna.ToList().First().ExploitID; } try { model.SaveChanges(); } catch (FormatException ex) { MessageBox.Show("FormatException AddToEXPLOIT : " + ex); return; } if (vulnID != 0) { //Check if EXPLOITFORVULNERABILITY already exists in the database var synj = from S in model.EXPLOITFORVULNERABILITY where S.VulnerabilityID.Equals(vulnID) && S.ExploitID.Equals(sploit.ExploitID) select S; if (synj.Count() == 0) { EXPLOITFORVULNERABILITY sploitvuln = new EXPLOITFORVULNERABILITY(); sploitvuln.VulnerabilityID = vulnID; sploitvuln.ExploitID = sploit.ExploitID; try { model.EXPLOITFORVULNERABILITY.Add(sploitvuln); model.SaveChanges(); } catch (FormatException ex) { MessageBox.Show("AddToEXPLOITFORVULNERABILITY : " + ex); } } } //**************************************************************** // OSVDB string myOSVDB = HelperGetChildInnerText(n, "osvdb"); if (myOSVDB != "") { //Check if the OSVDB reference already exists in the database int osvdbID = 0; var syn2 = from S in model.REFERENCE where S.Source.Equals("OSVDB") && S.ReferenceTitle.Equals(myOSVDB) select S; REFERENCE RefJA = new REFERENCE(); if (syn2.Count() != 0) { //UPDATE osvdbID = syn2.ToList().First().ReferenceID; RefJA.ReferenceID = osvdbID; RefJA.ReferenceURL = "http://osvdb.org/" + myOSVDB; model.SaveChanges(); } else { //Add the OSVDB Reference RefJA.Source = "OSVDB"; RefJA.ReferenceTitle = myOSVDB; RefJA.ReferenceURL = "http://osvdb.org/" + myOSVDB; model.REFERENCE.Add(RefJA); model.SaveChanges(); osvdbID = RefJA.ReferenceID; } //Check if the EXPLOITFORREFERENCE already exists in the database var syn3 = from S in model.EXPLOITFORREFERENCE where S.ExploitID.Equals(sploit.ExploitID) && S.ReferenceID.Equals(osvdbID) select S; if (syn3.Count() == 0) { EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE(); sploitref.ExploitID = sploit.ExploitID; sploitref.ReferenceID = osvdbID; model.EXPLOITFORREFERENCE.Add(sploitref); model.SaveChanges(); } } //**************************************************************** // BID string myBID = HelperGetChildInnerText(n, "bid"); if (myBID != "") { //Check if the BID reference already exists in the database int bidID = 0; var syn2 = from S in model.REFERENCE where S.Source.Equals("BID") && S.ReferenceTitle.Equals(myBID) select S; if (syn2.Count() != 0) { bidID = syn2.ToList().First().ReferenceID; } else { //Add the OSVDB Reference REFERENCE RefJA = new REFERENCE(); RefJA.Source = "BID"; RefJA.ReferenceTitle = myBID; RefJA.ReferenceURL = "http://securityfocus.com/bid/" + myBID; model.REFERENCE.Add(RefJA); model.SaveChanges(); bidID = RefJA.ReferenceID; } //Check if the EXPLOITFORREFERENCE already exists in the database var syn3 = from S in model.EXPLOITFORREFERENCE where S.ExploitID.Equals(sploit.ExploitID) && S.ReferenceID.Equals(bidID) select S; if (syn3.Count() == 0) { EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE(); sploitref.ExploitID = sploit.ExploitID; sploitref.ReferenceID = bidID; model.EXPLOITFORREFERENCE.Add(sploitref); model.SaveChanges(); } } //} } MessageBox.Show("FINISHED MISTER_X"); }
static void Main(string[] args) { //https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework model.Configuration.AutoDetectChangesEnabled = false; model.Configuration.ValidateOnSaveEnabled = false; int iCptYear = DateTime.Now.Year; //XORCISMEntities model = new XORCISMEntities(); //int iVocabularySCIPID = 0;// 1044; //SCIP #region vocabularyscip try { iVocabularySCIPID = model.VOCABULARY.Where(o => o.VocabularyName == "SCIP").Select(o => o.VocabularyID).FirstOrDefault(); } catch (Exception ex) { } if (iVocabularySCIPID <= 0) { VOCABULARY oVocabulary = new VOCABULARY(); oVocabulary.CreatedDate = DateTimeOffset.Now; oVocabulary.VocabularyName = "SCIP"; model.VOCABULARY.Add(oVocabulary); model.SaveChanges(); iVocabularySCIPID = oVocabulary.VocabularyID; Console.WriteLine("DEBUG iVocabularySCIPID=" + iVocabularySCIPID); } #endregion vocabularyscip while (iCptYear > 2003) { string sURI = "refmap" + iCptYear; Console.WriteLine("DEBUG *************************************************************"); Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString()); Console.WriteLine("DEBUG Working on " + sURI); string sDownloadFileURL = "http://www.scip.ch/en/?vuldb." + sURI; iCptYear--; HttpWebRequest webRequest = null; HttpWebResponse webResponse = null; webRequest = (HttpWebRequest)WebRequest.Create(new Uri(sDownloadFileURL)); webRequest.Method = "GET"; //webRequest.Credentials = CredentialCache.DefaultCredentials; //webRequest.Timeout = 20 * 60 * 1000; //20 minutes webResponse = (HttpWebResponse)webRequest.GetResponse(); StreamReader SR = new StreamReader(webResponse.GetResponseStream()); string sResponseText = SR.ReadToEnd(); //Console.WriteLine(sResponseText); SR.Close(); webResponse.Close(); StreamWriter swStreamWriter = new StreamWriter(sURI + ".txt"); swStreamWriter.Write(sResponseText); swStreamWriter.Close(); StreamReader srStreamReader = new StreamReader(sURI + ".txt"); string sLine = srStreamReader.ReadLine(); string sTemp = string.Empty; string sCurrentVULDB = string.Empty; string sCurrentCVE = string.Empty; int iVulnerabilityID = 0; Regex myRegexVULDB = new Regex(@"<a href=\""\?vuldb\.[0-9](.*?)\"""); //TODO Review //Regex myRegexCVE = new Regex("CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]"); Regex myRegexCVE = new Regex(@"CVE-(19|20)\d\d-(0\d{3}|[1-9]\d{3,})"); //https://cve.mitre.org/cve/identifiers/tech-guidance.html Regex myRegexSECTRACK = new Regex(@"securitytracker.com/id/(.*?)\"" "); //TODO Review Regex myRegexSECUNIA = new Regex(@"secunia.com/advisories/(.*?)\"" "); //TODO Review Regex myRegexBID = new Regex(@"securityfocus.com/bid/(.*?)\"" "); //TODO Review Regex myRegexXFORCE = new Regex(@"xforce.iss.net/xforce/xfdb/(.*?)\"" "); //TODO Review Regex myRegexOSVDB = new Regex(@"osvdb.org/[0-9](.*?)\"" "); //TODO Review while (sLine != null) { sLine = sLine.Replace("securitytracker.com/id?", "securitytracker.com/id/"); //sLine = sLine.Replace("https://www.", "http://"); //sLine = sLine.Replace("http://www.", "http://"); sLine = sLine.Replace("osvdb.org/displayvuln.php?osvdbid=", "osvdb.org/"); sLine = sLine.Replace("osvdb.org/show/osvdb/", "osvdb.org/"); //TODO? microsoft.com MS sTemp = myRegexVULDB.Match(sLine).ToString(); if (sTemp != "") { sTemp = sTemp.Replace("<a href=", ""); sTemp = sTemp.Replace("\"", ""); sTemp = sTemp.Replace("?vuldb.", ""); //TODO check if ok sCurrentVULDB = sTemp; Console.WriteLine("*************************************************************"); Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString()); Console.WriteLine("DEBUG SCIP VULDB:" + sCurrentVULDB); } else { sTemp = myRegexCVE.Match(sLine).ToString(); if (sTemp != "") { #region cve sCurrentCVE = sTemp; Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString()); Console.WriteLine("DEBUG CVE:" + sCurrentCVE); //TODO double-check if it is real CVE-ID try { iVulnerabilityID = vuln_nodel.VULNERABILITY.Where(o => o.VULReferential == "cve" && o.VULReferentialID == sCurrentCVE).Select(o => o.VulnerabilityID).FirstOrDefault(); } catch (Exception exCVE) { //Console.WriteLine("Exception exCVE " + exCVE.Message + " " + exCVE.InnerException); } if (iVulnerabilityID <= 0) { try { VULNERABILITY oVulnerability = new VULNERABILITY(); oVulnerability.CreatedDate = DateTimeOffset.Now; oVulnerability.VocabularyID = iVocabularySCIPID; oVulnerability.VULReferential = "cve"; oVulnerability.VULReferentialID = sCurrentCVE; oVulnerability.timestamp = DateTimeOffset.Now; vuln_nodel.VULNERABILITY.Add(oVulnerability); vuln_nodel.SaveChanges(); iVulnerabilityID = oVulnerability.VulnerabilityID; } catch (System.Data.Entity.Validation.DbEntityValidationException e) { System.Text.StringBuilder sb = new System.Text.StringBuilder(); foreach (var eve in e.EntityValidationErrors) { sb.AppendLine(string.Format("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:", eve.Entry.Entity.GetType().Name, eve.Entry.State)); foreach (var ve in eve.ValidationErrors) { sb.AppendLine(string.Format("- Property: \"{0}\", Error: \"{1}\"", ve.PropertyName, ve.ErrorMessage)); } } //throw new DbEntityValidationException(sb.ToString(), e); Console.WriteLine("Exception DbEntityValidationExceptionUPDATECAPEC " + sb.ToString()); } catch (Exception exSCIPCVE) { Console.WriteLine("Exception exSCIPCVE " + exSCIPCVE.Message + " " + exSCIPCVE.InnerException); } } else { //Update VULNERABILITY } Console.WriteLine("DEBUG " + DateTimeOffset.Now.ToString()); Console.WriteLine("DEBUG iVulnerabilityID=" + iVulnerabilityID); sSource = "SCIP"; sSourceID = sCurrentVULDB; sReferenceURL = "http://scip.ch/?vuldb." + sCurrentVULDB; fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); #endregion cve } else { //<td><a href="http://osvdb.org/3314" title="osvdb.org/3314">3314</a></td> sTemp = myRegexOSVDB.Match(sLine).ToString(); if (sTemp != "") { #region osvdb //Console.WriteLine(sTemp); sSource = "OSVDB"; sSourceID = sTemp.Replace("osvdb.org/", ""); sSourceID = sSourceID.Replace("/", ""); sSourceID = sSourceID.Replace("\"", "").Trim(); //Console.WriteLine(sSourceID); try { int iTest = int.Parse(sSourceID); sReferenceURL = "http://osvdb.org/" + sSourceID; Console.WriteLine("DEBUG " + sReferenceURL); fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); } catch (Exception exSCIPOSVDBID) { Console.WriteLine("Exception exSCIPOSVDBID " + sSourceID + " " + exSCIPOSVDBID.Message + " " + exSCIPOSVDBID.InnerException); } //TODO see Import_all //fRequestOSVDB(); #endregion osvdb } else { #region securitytracker ////http://securitytracker.com/id?1028074 //http://securitytracker.com/id/1029599 sTemp = myRegexSECTRACK.Match(sLine).ToString(); if (sTemp != "") { //Console.WriteLine(sTemp); sSource = "SECTRACK"; sSourceID = sTemp.Replace("securitytracker.com/id/", ""); sSourceID = sSourceID.Replace("/", ""); sSourceID = sSourceID.Replace("\"", "").Trim(); //Console.WriteLine(sSourceID); sReferenceURL = "http://securitytracker.com/id/" + sSourceID; Console.WriteLine("DEBUG " + sReferenceURL); fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); } #endregion securitytracker else { #region secunia //http://secunia.com/advisories/58347 sTemp = myRegexSECUNIA.Match(sLine).ToString(); if (sTemp != "") { //Console.WriteLine(sTemp); sSource = "SECUNIA"; sSourceID = sTemp.Replace("secunia.com/advisories/", ""); sSourceID = sSourceID.Replace("/", ""); sSourceID = sSourceID.Replace("\"", "").Trim(); //Console.WriteLine(sSourceID); sReferenceURL = "http://secunia.com/advisories/" + sSourceID; Console.WriteLine("DEBUG " + sReferenceURL); fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); } #endregion secunia else { #region securityfocus //http://securityfocus.com/bid/123 sTemp = myRegexBID.Match(sLine).ToString(); if (sTemp != "") { //Console.WriteLine(sTemp); sSource = "BID"; sSourceID = sTemp.Replace("securityfocus.com/bid/", ""); sSourceID = sSourceID.Replace("/", ""); sSourceID = sSourceID.Replace("\"", "").Trim(); //Console.WriteLine(sSourceID); sReferenceURL = "http://securityfocus.com/bid/" + sSourceID; Console.WriteLine("DEBUG " + sReferenceURL); fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); } #endregion securityfocus else { #region xforce //http://xforce.iss.net/xforce/xfdb/123 sTemp = myRegexXFORCE.Match(sLine).ToString(); if (sTemp != "") { //Console.WriteLine(sTemp); sSource = "XF"; sSourceID = sTemp.Replace("xforce.iss.net/xforce/xfdb/", ""); sSourceID = sSourceID.Replace("/", ""); sSourceID = sSourceID.Replace("\"", "").Trim(); //Console.WriteLine(sSourceID); sReferenceURL = "http://xforce.iss.net/xforce/xfdb/" + sSourceID; Console.WriteLine("DEBUG " + sReferenceURL); fAddReference(iVulnerabilityID); //, sSource, sSourceID, sReferenceURL); } #endregion xforce else { //TODO } } } } } } } sLine = srStreamReader.ReadLine(); } srStreamReader.Close(); } //FREE try { model.SaveChanges(); } catch (System.Data.Entity.Validation.DbEntityValidationException e) { System.Text.StringBuilder sb = new System.Text.StringBuilder(); foreach (var eve in e.EntityValidationErrors) { sb.AppendLine(string.Format("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:", eve.Entry.Entity.GetType().Name, eve.Entry.State)); foreach (var ve in eve.ValidationErrors) { sb.AppendLine(string.Format("- Property: \"{0}\", Error: \"{1}\"", ve.PropertyName, ve.ErrorMessage)); } } //throw new DbEntityValidationException(sb.ToString(), e); Console.WriteLine("Exception DbEntityValidationExceptionFINALSAVE " + sb.ToString()); } catch (Exception exFINALSAVE) { Console.WriteLine("Exception exFINALSAVE " + exFINALSAVE.Message + " " + exFINALSAVE.InnerException); } model.Dispose(); }
/// <summary> /// Copyright (C) 2014-2015 Jerome Athias /// TEST/DEBUG ONLY tool to play with an XORCISM database (check the proper import and relationships creation between CVE and OVAL) /// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. /// /// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. /// /// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA /// </summary> static void Main(string[] args) { XORCISMEntities model = new XORCISMEntities(); XOVALEntities oval_model = new XOVALEntities(); XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities(); string sCVEID = "CVE-2014-3802"; //HARDCODED VULNERABILITY oVulnerability = null; try { oVulnerability = vuln_model.VULNERABILITY.Where(o => o.VULReferentialID == sCVEID).FirstOrDefault(); } catch (Exception ex) { } if (oVulnerability != null) { //Check if we have an OVALDEFINITION for the VULNERABILITY int iOVALDEFINITIONVULNERABILITYID = 0; try { iOVALDEFINITIONVULNERABILITYID = oval_model.OVALDEFINITIONVULNERABILITY.Where(o => o.VulnerabilityID == oVulnerability.VulnerabilityID).Select(o => o.OVALDefinitionVulnerabilityID).FirstOrDefault(); } catch (Exception ex) { } if (iOVALDEFINITIONVULNERABILITYID > 0) { Console.WriteLine("DEBUG: We already have a definition"); } else { //Search a Product in the Vulnerability's Definition foreach (PRODUCT oProduct in model.PRODUCT) { if (oVulnerability.VULDescription.ToLower().Contains(oProduct.ProductName.ToLower())) { Console.WriteLine("DEBUG: Potential Product: " + oProduct.ProductName); //Platform //CPE } } //Search a Filename in the Vulnerability's Definition foreach (FILE oFile in model.FILE) { if (oVulnerability.VULDescription.ToLower().Contains(oFile.FileName.ToLower())) { Console.WriteLine("DEBUG: Potential File: " + oFile.FileName); } } //regex .dll } } else { Console.WriteLine("ERROR: Vulnerability not found"); } }